Chapter 2: outline

2.1 principles of network applications
  • app architectures
  • app requirements
2.2 Web and HTTP
2.3 FTP
2.4 electronic mail
  • SMTP, POP3, IMAP
2.5 DNS
2.6 P2P applications
2.7 socket programming with UDP and TCP

Application Layer 2-2
FTP: the file transfer protocol

[figure: user at host -> FTP user interface -> FTP client (local file system); FTP client <-- file transfer --> FTP server (remote file system)]

• transfer file to/from remote host
• client/server model
  • client: side that initiates transfer (either to/from remote)
  • server: remote host
• ftp: RFC 959
• ftp server: port 21
FTP: separate control, data connections

[figure: FTP client <-- TCP control connection, server port 21 --> FTP server; FTP client <-- TCP data connection, server port 20 --> FTP server]

• FTP client contacts FTP server at port 21, using TCP
• client authorized over control connection
• client browses remote directory, sends commands over control connection
• when server receives file transfer command, server opens 2nd TCP data connection (for file) to client
• after transferring one file, server closes data connection
• server opens another TCP data connection to transfer another file
• control connection: “out of band”
• FTP server maintains “state”: current directory, earlier authentication
FTP commands, responses

sample commands:
• sent as ASCII text over control channel
• USER username
• PASS password
• LIST return list of files in current directory
• RETR filename retrieves (gets) file
• STOR filename stores (puts) file onto remote host

sample return codes:
• status code and phrase (as in HTTP)
• 331 Username OK, password required
• 125 data connection already open; transfer starting
• 425 Can’t open data connection
• 452 Error writing file
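As an added example (not from the slides), here is a small Python parser for the FTP control-channel replies shown above. It goes a little beyond the slide: it also handles the multi-line reply form defined in RFC 959 ("220-first line" ... "220 last line"), which a real client must recognise before it can trust the reply code, and it classifies a code by both digits (first digit: kind of reply; second digit: function group). The sample replies are constructed from the codes on the slide.

```python
# Added example (not from the slides): parse FTP control-channel replies as
# defined in RFC 959 and classify them by the meaning of their digits.
import re

# First digit: the kind of reply (RFC 959, section 4.2).
FIRST_DIGIT = {
    "1": "positive preliminary",
    "2": "positive completion",
    "3": "positive intermediate",
    "4": "transient negative completion",
    "5": "permanent negative completion",
}

# Second digit: the function group the reply refers to.
SECOND_DIGIT = {
    "0": "syntax",
    "1": "information",
    "2": "connections",
    "3": "authentication and accounting",
    "4": "unspecified",
    "5": "file system",
}

REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_reply(lines):
    """Parse one FTP reply, possibly multi-line.

    A multi-line reply starts with "xyz-text" and ends with a line that
    starts with "xyz " (same code followed by a space); everything in
    between is part of the reply text.  Returns (code, text).
    """
    first = REPLY_RE.match(lines[0])
    if not first:
        raise ValueError(f"malformed reply line: {lines[0]!r}")
    code, sep, text = first.groups()
    if sep == " ":
        return code, text
    body = [text]
    for line in lines[1:]:
        m = REPLY_RE.match(line)
        if m and m.group(1) == code and m.group(2) == " ":
            body.append(m.group(3))
            return code, "\n".join(body)
        body.append(line)
    raise ValueError("multi-line reply never terminated")


def classify(code):
    """Describe a 3-digit reply code: (kind, function group, is_error)."""
    if len(code) != 3 or not code.isdigit():
        raise ValueError(f"bad reply code {code!r}")
    kind = FIRST_DIGIT.get(code[0], "unknown")
    group = SECOND_DIGIT.get(code[1], "unknown")
    return kind, group, code[0] in "45"


# Constructed sample replies built from the codes shown on the slide, plus
# one constructed multi-line greeting.
SAMPLE_REPLIES = [
    ["331 Username OK, password required"],
    ["125 Data connection already open; transfer starting"],
    ["425 Can't open data connection"],
    ["452 Error writing file"],
    ["220-Welcome to the example FTP service",
     "Unauthorized access is prohibited.",
     "220 Service ready"],
]

if __name__ == "__main__":
    for raw in SAMPLE_REPLIES:
        code, text = parse_reply(raw)
        print(code, classify(code), repr(text))
```

The reason a client classifies by digit rather than by exact code is that servers are free to use codes the client has never seen; the first digit alone is enough to decide whether to wait (1xx), proceed (2xx), send the next command of a sequence (3xx), retry later (4xx) or give up (5xx).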
Electronic mail

[figure: user agents attached to mail servers; mail servers exchange messages over SMTP; each mail server holds user mailboxes and an outgoing message queue]

Three major components:
• user agents
• mail servers
• simple mail transfer protocol: SMTP

User Agent
• a.k.a. “mail reader”
• composing, editing, reading mail messages
• e.g., Outlook, Thunderbird, iPhone mail client
• outgoing, incoming messages stored on server
Electronic mail: mail servers

[figure: same as previous slide; the user mailbox and the outgoing message queue at each mail server are highlighted]

mail servers:
• mailbox contains incoming messages for user
• message queue of outgoing (to be sent) mail messages
• SMTP protocol between mail servers to send email messages
  • client: sending mail server
  • “server”: receiving mail server
Electronic Mail: SMTP [RFC 2821]

• uses TCP to reliably transfer email message from client to server, port 25
• direct transfer: sending server to receiving server
• three phases of transfer
  • handshaking (greeting)
  • transfer of messages
  • closure
• command/response interaction (like HTTP, FTP)
  • commands: ASCII text
  • response: status code and phrase
• messages must be in 7-bit ASCII
Scenario: Alice sends message to Bob

1) Alice uses UA to compose message “to” bob@someschool.edu
2) Alice’s UA sends message to her mail server; message placed in message queue
3) Alice’s mail server opens TCP connection with Bob’s mail server (acting as a client of SMTP)
4) Alice’s mail server sends Alice’s message over the TCP connection
5) Bob’s mail server places the message in Bob’s mailbox
6) Bob invokes his user agent to read message

[figure: Alice’s user agent (1) -> Alice’s mail server (2, 3) -> Bob’s mail server (4, 5) -> Bob’s user agent (6)]
Sample SMTP interaction

S: 220 hamburger.edu
C: HELO crepes.fr
S: 250 Hello crepes.fr, pleased to meet you
C: MAIL FROM: <alice@crepes.fr>
S: 250 alice@crepes.fr... Sender ok
C: RCPT TO: <bob@hamburger.edu>
S: 250 bob@hamburger.edu ... Recipient ok
C: DATA
S: 354 Enter mail, end with "." on a line by itself
C: Do you like ketchup?
C: How about pickles?
C: .
S: 250 Message accepted for delivery
C: QUIT
S: 221 hamburger.edu closing connection
Try SMTP interaction for yourself:

• telnet servername 25
• see 220 reply from server
• enter HELO, MAIL FROM, RCPT TO, DATA, QUIT commands

above lets you send email without using email client (reader)
SMTP: final words

• SMTP uses persistent connections
• SMTP requires message (header & body) to be in 7-bit ASCII
• SMTP server uses CRLF.CRLF to determine end of message

comparison with HTTP:
• HTTP: pull
• SMTP: push
• both have ASCII command/response interaction, status codes
• HTTP: each object encapsulated in its own response msg
• SMTP: multiple objects sent in multipart msg
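The following Python block is an added example, not code from the slides or from any real mail server: an in-memory SMTP server state machine that replays the sample dialogue above and implements the three points on this slide. It enforces the command sequence (HELO, MAIL FROM, RCPT TO, DATA, QUIT), detects the end of a message by the lone "." line (CRLF.CRLF on the wire), removes the leading dot that RFC 5321 dot-stuffing adds to message lines beginning with ".", and rejects a message containing non-ASCII octets. The hostnames, mailboxes and the exact reply texts are constructed to mirror the slide; the 501 reply for a non-ASCII message is a choice made here, not something the slide specifies.

```python
# Added example (not from the slides): a minimal in-memory SMTP server state
# machine walking through handshake, message transfer and closure.
import re

ADDR_RE = re.compile(r"<([^<>@\s]+@[^<>@\s]+)>")


class SmtpSession:
    """Server side of one SMTP connection over an already-open TCP stream."""

    def __init__(self, hostname="hamburger.edu"):
        self.hostname = hostname
        self.greeted = False
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.data_lines = []
        self.delivered = []     # list of (sender, recipients, body)
        self.closed = False

    def greeting(self):
        return f"220 {self.hostname}"

    def _reset_transaction(self):
        self.sender, self.recipients, self.data_lines = None, [], []

    def handle_line(self, line):
        """Feed one line from the client; return the reply, or None while
        the server is silently collecting message data."""
        if self.in_data:
            return self._handle_data_line(line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            self.greeted = True
            return f"250 Hello {arg}, pleased to meet you"
        if not self.greeted:
            return "503 Bad sequence of commands: send HELO first"
        if verb == "MAIL":
            m = ADDR_RE.search(arg)
            if not m:
                return "501 Syntax error in MAIL FROM"
            self.sender = m.group(1)
            self.recipients = []
            return f"250 {self.sender}... Sender ok"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Bad sequence of commands: MAIL FROM first"
            m = ADDR_RE.search(arg)
            if not m:
                return "501 Syntax error in RCPT TO"
            self.recipients.append(m.group(1))
            return f"250 {m.group(1)} ... Recipient ok"
        if verb == "DATA":
            if not self.recipients:
                return "503 Bad sequence of commands: RCPT TO first"
            self.in_data = True
            return '354 Enter mail, end with "." on a line by itself'
        if verb == "QUIT":
            self.closed = True
            return f"221 {self.hostname} closing connection"
        return "500 Command unrecognized"

    def _handle_data_line(self, line):
        # A lone "." ends the message (CRLF.CRLF on the wire).  A longer line
        # that starts with "." has one leading dot stripped (RFC 5321
        # dot-stuffing), so a message may itself contain a single-dot line.
        if line == ".":
            self.in_data = False
            body = "\n".join(self.data_lines)
            if not body.isascii():
                self._reset_transaction()
                return "501 message must be 7-bit ASCII"   # constructed reply text
            self.delivered.append((self.sender, list(self.recipients), body))
            self._reset_transaction()
            return "250 Message accepted for delivery"
        self.data_lines.append(line[1:] if line.startswith(".") else line)
        return None


def run_dialogue(client_lines, hostname="hamburger.edu"):
    """Replay client lines against a fresh session; return (transcript, session)."""
    s = SmtpSession(hostname)
    transcript = [("S", s.greeting())]
    for line in client_lines:
        transcript.append(("C", line))
        reply = s.handle_line(line)
        if reply is not None:
            transcript.append(("S", reply))
    return transcript, s


# Constructed client side of the slide's sample dialogue.
SAMPLE_CLIENT = [
    "HELO crepes.fr",
    "MAIL FROM: <alice@crepes.fr>",
    "RCPT TO: <bob@hamburger.edu>",
    "DATA",
    "Do you like ketchup?",
    "How about pickles?",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    for who, text in run_dialogue(SAMPLE_CLIENT)[0]:
        print(f"{who}: {text}")
```

Note that the server accepts whatever the client puts in MAIL FROM; SMTP itself does not authenticate the envelope sender, which is why the RFC 822 "From:" header on the next slide and the envelope address are separate things.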
Mail message format

• SMTP: protocol for exchanging email msgs
• RFC 822: standard for text message format:
  • header lines, e.g.,
    • To:
    • From:
    • Subject:
  • different from SMTP MAIL FROM, RCPT TO: commands!
  • Body: the “message”
    • ASCII characters only

[figure: header lines, then a blank line, then the body]
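As an added example (not from the slides), this Python block parses a message in the RFC 822 layout just described (header lines, blank line, body), including folded header lines, and then compares the header "From:" with the SMTP envelope sender. The comparison is the practical consequence of the slide's last point: MAIL FROM and "From:" are independent, so a receiving system cannot assume the displayed sender was the envelope sender. The message text and envelope addresses are constructed.

```python
# Added example (not from the slides): split an RFC 822 text message into
# header fields and body, and compare the header From: with the SMTP
# envelope sender (MAIL FROM), which the slide stresses is a different thing.

def parse_rfc822(text):
    """Return (headers, body): headers is a list of (name, value) pairs in
    order; the first blank line separates header from body.  Continuation
    lines (starting with whitespace) are folded into the previous field."""
    lines = text.split("\n")
    headers, i = [], 0
    while i < len(lines) and lines[i] != "":
        line = lines[i]
        if line[0] in " \t" and headers:          # folded header line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        else:
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"malformed header line: {line!r}")
            headers.append((name.strip(), value.strip()))
        i += 1
    body = "\n".join(lines[i + 1:])
    return headers, body


def header(headers, name):
    """First value of a header field, case-insensitive, or None."""
    for n, v in headers:
        if n.lower() == name.lower():
            return v
    return None


def address_in(value):
    """Extract the bare address from 'Name <user@host>' or 'user@host'."""
    if "<" in value and ">" in value:
        return value[value.index("<") + 1:value.index(">")]
    return value.strip()


def envelope_header_mismatch(envelope_from, headers):
    """True when the SMTP MAIL FROM address differs from the RFC 822 From:.
    A mismatch can be legitimate (mailing lists, forwarding), but it is the
    first thing a receiving system checks before trusting the displayed
    sender."""
    hdr_from = header(headers, "From")
    if hdr_from is None:
        return True
    return address_in(hdr_from).lower() != envelope_from.lower()


# Constructed message in the format on the slide: header lines, blank line, body.
SAMPLE_MESSAGE = (
    "From: Alice <alice@crepes.fr>\n"
    "To: bob@hamburger.edu\n"
    "Subject: Lunch\n"
    "\n"
    "Do you like ketchup?\n"
    "How about pickles?"
)

if __name__ == "__main__":
    hdrs, body = parse_rfc822(SAMPLE_MESSAGE)
    print(hdrs, repr(body))
    print(envelope_header_mismatch("alice@crepes.fr", hdrs))        # False
    print(envelope_header_mismatch("someone@example.net", hdrs))    # True
```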
Mail access protocols

[figure: user agent -- SMTP --> sender’s mail server -- SMTP --> receiver’s mail server -- mail access protocol (e.g., POP, IMAP) --> user agent]

• SMTP: delivery/storage to receiver’s server
• mail access protocol: retrieval from server
  • POP: Post Office Protocol [RFC 1939]: authorization, download
  • IMAP: Internet Mail Access Protocol [RFC 1730]: more features, including manipulation of stored msgs on server
  • HTTP: gmail, Hotmail, Yahoo! Mail, etc.
POP3 protocol

authorization phase
• client commands:
  • user: declare username
  • pass: password
• server responses
  • +OK
  • -ERR

transaction phase, client:
• list: list message numbers
• retr: retrieve message by number
• dele: delete
• quit

S: +OK POP3 server ready
C: user bob
S: +OK
C: pass hungry
S: +OK user successfully logged on
C: list
S: 1 498
S: 2 912
S: .
C: retr 1
S: <message 1 contents>
S: .
C: dele 1
C: retr 2
S: <message 2 contents>
S: .
C: dele 2
C: quit
S: +OK POP3 server signing off
POP3 (more) and IMAP

more about POP3
• previous example uses POP3 “download and delete” mode
  • Bob cannot re-read email if he changes client
• POP3 “download-and-keep”: copies of messages on different clients
• POP3 is stateless across sessions

IMAP
• keeps all messages in one place: at server
• allows user to organize messages in folders
• keeps user state across sessions:
  • names of folders and mappings between message IDs and folder name
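The Python block below is an added example, not code from the slides, serving both the POP3 session on the previous slide and the "download and delete" discussion here. It is an in-memory POP3 server with the two states the slide names (authorization, transaction) plus the update step that RFC 1939 performs on QUIT: DELE only marks a message, and the mailbox is actually changed when the client quits. Running a second session against the same mailbox then shows why POP3 is stateless across sessions: the surviving message is simply renumbered. The mailbox contents, password and reply texts are constructed; unlike the slide's condensed transcript, LIST and RETR replies start with a "+OK" line as RFC 1939 requires.

```python
# Added example (not from the slides): an in-memory POP3 server that replays
# the slide's session.  Deletions are committed only when the client sends
# QUIT (the POP3 UPDATE state).

class Pop3Session:
    def __init__(self, mailbox, users):
        self.mailbox = mailbox          # shared dict: name -> list of messages
        self.users = users              # name -> password (constructed)
        self.user = None
        self.authorized = False
        self.marked = set()             # message numbers marked for deletion
        self.closed = False

    def greeting(self):
        return ["+OK POP3 server ready"]

    def handle(self, line):
        """Process one client command; return the list of reply lines.
        Multi-line replies end with a line containing a single '.'."""
        cmd, _, arg = line.partition(" ")
        cmd = cmd.lower()
        if not self.authorized:                     # AUTHORIZATION state
            if cmd == "user":
                self.user = arg
                return ["+OK"]
            if cmd == "pass":
                if self.user in self.users and self.users[self.user] == arg:
                    self.authorized = True
                    return ["+OK user successfully logged on"]
                return ["-ERR invalid password"]
            if cmd == "quit":
                self.closed = True
                return ["+OK POP3 server signing off"]
            return ["-ERR not logged in"]
        msgs = self.mailbox.setdefault(self.user, [])   # TRANSACTION state
        if cmd == "list":
            out = [f"{n} {len(m)}" for n, m in enumerate(msgs, 1) if n not in self.marked]
            return ["+OK"] + out + ["."]
        if cmd in ("retr", "dele"):
            n = int(arg) if arg.isdigit() else 0
            if not 1 <= n <= len(msgs) or n in self.marked:
                return ["-ERR no such message"]
            if cmd == "dele":
                self.marked.add(n)
                return ["+OK message deleted"]
            # Byte-stuff lines that begin with '.' so the terminator stays unambiguous.
            stuffed = ["." + ln if ln.startswith(".") else ln for ln in msgs[n - 1].split("\n")]
            return ["+OK"] + stuffed + ["."]
        if cmd == "quit":                               # UPDATE state
            self.mailbox[self.user] = [m for i, m in enumerate(msgs, 1) if i not in self.marked]
            self.closed = True
            return ["+OK POP3 server signing off"]
        return ["-ERR unknown command"]


def run_session(mailbox, users, client_lines):
    """Replay client lines against a fresh session; return (transcript, session)."""
    s = Pop3Session(mailbox, users)
    transcript = [("S", ln) for ln in s.greeting()]
    for line in client_lines:
        transcript.append(("C", line))
        transcript += [("S", ln) for ln in s.handle(line)]
    return transcript, s


# Constructed mailbox for bob; sizes chosen so LIST shows 498 and 912 bytes.
MAILBOX = {"bob": ["x" * 498, "y" * 912]}
USERS = {"bob": "hungry"}
SAMPLE_CLIENT = ["user bob", "pass hungry", "list", "retr 1", "dele 1", "retr 2", "dele 2", "quit"]

if __name__ == "__main__":
    for who, text in run_session(MAILBOX, USERS, SAMPLE_CLIENT)[0]:
        print(f"{who}: {text[:40]}")
    print(MAILBOX)   # bob's mailbox is empty after the download-and-delete session
```

The password travels in clear text in this exchange exactly as on the slide; RFC 1939's APOP and, in practice, TLS on the connection are what keep it off the wire.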
DNS: domain name system

people: many identifiers:
• SSN, name, passport #

Internet hosts, routers:
• IP address (32 bit) used for addressing datagrams
• “name”, e.g., www.yahoo.com used by humans

Q: how to map between IP address and name, and vice versa?

Domain Name System:
• distributed database implemented in hierarchy of many name servers
• application-layer protocol: hosts, name servers communicate to resolve names (address/name translation)
  • note: core Internet function, implemented as application-layer protocol
  • complexity at network’s “edge”
Hostname to IP address translation

• Example: www.chalmers.se -> 129.16.71.10
• File may be edited on the system
  • Unix: /etc/hosts
  • Windows: c:\windows\system32\drivers\etc\hosts
• Example of an entry manually entered in the file:
  “129.16.20.245 fibula.ce.chalmers.se fibula”
• Does not scale
  • Hard to change
  • All hosts need one copy of the file
  • Impossible on the Internet
• Alternative: DNS, a large distributed database
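As an added example (not from the slides), here is a Python parser for the hosts-file format shown above: one address per line, followed by the canonical name and any aliases, with "#" comments. It validates the address field and gives first-match-wins lookups, which is how glibc's resolver treats duplicate names in the file. The file text is constructed from the slide's entries plus a deliberate duplicate.

```python
# Added example (not from the slides): parse the hosts-file format (IP
# address, canonical name, optional aliases, '#' comments) into a lookup table.
import ipaddress


def parse_hosts(text):
    """Return dict name -> IP string.  Later lines do not override earlier
    ones: the first match wins, as in glibc's resolver."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: need an address and a name")
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError as e:
            raise ValueError(f"line {lineno}: {e}") from None
        for name in fields[1:]:
            table.setdefault(name.lower(), str(addr))
    return table


def lookup(table, name):
    """Hostname -> IP, or None when the file has no entry (the point at which
    a real system falls through to DNS)."""
    return table.get(name.lower())


# Constructed hosts file using the slide's example entries.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
129.16.71.10   www.chalmers.se          # from the slide
129.16.20.245  fibula.ce.chalmers.se fibula
# a later duplicate does not win
129.16.20.246  fibula
"""

if __name__ == "__main__":
    t = parse_hosts(SAMPLE_HOSTS)
    print(lookup(t, "fibula"), lookup(t, "WWW.CHALMERS.SE"), lookup(t, "nope.example"))
```

Because this file is consulted before DNS on most systems, it is also a common place for malware to redirect names; checking it for unexpected entries is a routine step in host forensics.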
DNS: services, structure

DNS services
• hostname to IP address translation
• host aliasing
  • canonical, alias names
• mail server aliasing
• load distribution
  • replicated Web servers: many IP addresses correspond to one name

why not centralize DNS?
• single point of failure
• traffic volume
• distant centralized database
• maintenance

A: doesn’t scale!
DNS: a distributed, hierarchical database

[figure: Root DNS Servers at the top; below them the Top Level Domain servers (com DNS servers, org DNS servers, edu DNS servers, …); below those the organizations’ DNS servers (yahoo.com, amazon.com, pbs.org, poly.edu, umass.edu DNS servers)]

client wants IP for www.amazon.com; 1st approx:
• client queries root server to find com DNS server
• client queries .com DNS server to get amazon.com DNS server
• client queries amazon.com DNS server to get IP address for www.amazon.com
DNS: Root name servers (2009)

a Verisign, Dulles, VA
b USC-ISI Marina del Rey, CA
c Cogent, Herndon, VA (also LA)
d U Maryland College Park, MD
e NASA Mt View, CA
f Internet Sys. consortium, Palo Alto, CA
g US DoD Vienna, VA
h ARL Aberdeen, MD
i Netnod, Stockholm
j Verisign
k RIPE London
l ICANN Los Angeles, CA
m WIDE Tokyo

13 root name servers worldwide + replicas (http://www.root-servers.org)
TLD, authoritative servers

top-level domain (TLD) servers:
• responsible for com, org, net, edu, aero, jobs, museums, and all top-level country domains, e.g.: uk, fr, ca, jp
• Network Solutions maintains servers for .com TLD
• Educause for .edu TLD

authoritative DNS servers:
• organization’s own DNS server(s), providing authoritative hostname to IP mappings for organization’s named hosts
• can be maintained by organization or service provider
Local Cache-only DNS server

• does not strictly belong to hierarchy
• each ISP (residential ISP, company, university) has one
  • also called “default name server”
• when host makes DNS query, query is sent to its local DNS server
  • has local cache of recent name-to-address translation pairs (but may be out of date!)
  • acts as proxy, forwards query into hierarchy
DNS name resolution example

• host at cis.poly.edu wants IP address for gaia.cs.umass.edu
• Local name server
  • acts as proxy for clients
  • Sends queries to DNS hierarchy

[figure: requesting host cis.poly.edu (1) -> local DNS server dns.poly.edu (2) -> root DNS server (3) -> local DNS server (4) -> TLD DNS server (5) -> local DNS server (6) -> authoritative DNS server dns.cs.umass.edu (7) -> local DNS server (8) -> requesting host; target gaia.cs.umass.edu]
DNS Queries and Answers

iterated query:
• contacted server replies with name of server to contact
• “I don’t know this name, but ask this server”
• root server always does this

recursive query:
• puts burden of name resolution on contacted name server
• heavy load at upper levels of hierarchy?

[figure: the same resolution as on the previous slide, steps 1 to 8 from requesting host cis.poly.edu via local DNS server dns.poly.edu to gaia.cs.umass.edu; the root DNS server gives an iterative answer to the local DNS server, while the TLD DNS server resolves recursively through the authoritative DNS server dns.cs.umass.edu before returning a recursive answer to the local DNS server]

(normal way as above, iterative + recursive)
DNS: caching, updating records

• once (any) name server learns mapping, it caches mapping
  • cache entries timeout (disappear) after some time (TTL)
  • TLD servers typically cached in local name servers
    • thus root name servers not often visited
• cached entries may be out-of-date (best effort name-to-address translation!)
  • if named host changes IP address, may not be known Internet-wide until all TTLs expire
• update/notify mechanisms proposed IETF standard
  • RFC 2136
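As an added example (not from the slides), the Python block below simulates the hierarchy of the preceding slides (root, TLD and authoritative servers answering iteratively), a local cache-only server such as dns.poly.edu resolving gaia.cs.umass.edu on behalf of a client, and the caching behaviour described on this slide: every RR learned is cached with its TTL, expired entries disappear, and once the TLD's NS records are cached the root is no longer contacted. It goes one step beyond the slide by applying a bailiwick check when caching: records from a referral are kept only if the server that sent them is responsible for the zone they belong to, which is the basic defence against a server planting records for names it does not own. The zone data, IP addresses and TTLs are constructed; the server hostnames other than dns.cs.umass.edu are invented.

```python
# Added example (not from the slides): a simulated DNS hierarchy and a local
# cache-only server that resolves iteratively, caches with TTLs, and
# therefore bypasses the root on later lookups.
import time

# RR format from the slides: (name, value, type, ttl).  Each simulated server
# holds the records for the zone it is responsible for.  All data constructed.
SERVERS = {
    "root": [("edu", "dns.edu-tld", "NS", 172800),
             ("dns.edu-tld", "192.0.2.1", "A", 172800)],
    "dns.edu-tld": [("umass.edu", "dns.cs.umass.edu", "NS", 86400),
                    ("dns.cs.umass.edu", "192.0.2.2", "A", 86400)],
    "dns.cs.umass.edu": [("gaia.cs.umass.edu", "192.0.2.3", "A", 3600),
                         ("www.cs.umass.edu", "192.0.2.4", "A", 3600)],
}
# Zone each server is authoritative for (used for the bailiwick check).
ZONE_OF = {"root": "", "dns.edu-tld": "edu", "dns.cs.umass.edu": "umass.edu"}


def in_zone(name, zone):
    return zone == "" or name == zone or name.endswith("." + zone)


def ask(server, qname, qtype):
    """Iterative answer from a simulated server: the records it has for the
    name, or else NS (plus glue A) for the enclosing zone it delegates,
    i.e. 'I don't know this name, but ask this server'."""
    rrs = SERVERS[server]
    answer = [r for r in rrs if r[0] == qname and r[2] == qtype]
    if answer:
        return answer
    referral = [r for r in rrs if r[2] == "NS" and in_zone(qname, r[0])]
    glue = [r for r in rrs if r[2] == "A" and any(r[0] == ns[1] for ns in referral)]
    return referral + glue


class LocalDnsServer:
    """dns.poly.edu: caches RRs with expiry and resolves on behalf of clients."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.cache = {}            # (name, type) -> (value, expires_at)
        self.queries_sent = []     # which upstream servers were contacted

    def _cached(self, name, rtype):
        hit = self.cache.get((name, rtype))
        if hit and hit[1] > self.clock():
            return hit[0]
        self.cache.pop((name, rtype), None)   # expired entries disappear
        return None

    def _learn(self, asked, rrs):
        for name, value, rtype, ttl in rrs:
            # Bailiwick check: cache only what the asked server may speak for;
            # otherwise a referral could plant records for unrelated zones.
            if in_zone(name, ZONE_OF[asked]):
                self.cache[(name, rtype)] = (value, self.clock() + ttl)

    def _closest_known_server(self, qname):
        """Deepest cached NS covering qname, else the root."""
        labels = qname.split(".")
        for i in range(1, len(labels)):
            ns = self._cached(".".join(labels[i:]), "NS")
            if ns:
                return ns
        return "root"

    def resolve(self, qname, qtype="A"):
        hit = self._cached(qname, qtype)
        if hit:
            return hit
        server = self._closest_known_server(qname)
        while True:
            self.queries_sent.append(server)
            rrs = ask(server, qname, qtype)
            self._learn(server, rrs)
            for name, value, rtype, _ in rrs:
                if name == qname and rtype == qtype:
                    return value
            ns = [r for r in rrs if r[2] == "NS"]
            if not ns:
                return None            # no answer and nobody left to ask
            server = ns[0][1]


if __name__ == "__main__":
    local = LocalDnsServer()
    print(local.resolve("gaia.cs.umass.edu"), local.queries_sent)
    local.queries_sent.clear()
    print(local.resolve("www.cs.umass.edu"), local.queries_sent)   # root and TLD skipped
```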
DNS records

DNS: distributed db storing resource records (RR)
RR format: (name, value, type, ttl)

type=A
• name is hostname
• value is IP address

type=NS
• name is domain (e.g., foo.com)
• value is hostname of authoritative name server for this domain

type=CNAME
• name is alias name for some “canonical” (the real) name
• www.ibm.com is really servereast.backup2.ibm.com
• value is canonical name

type=MX
• value is name of mailserver associated with name
DNS protocol, messages

• query and reply messages, both with same message format

msg header
• identification: 16 bit # for query, reply to query uses same #
• flags:
  • query or reply
  • recursion desired
  • recursion available
  • reply is authoritative

[figure: message layout, two 2-byte fields per header row]
identification                      | flags
# questions                         | # answer RRs
# authority RRs                     | # additional RRs
questions (variable # of questions)
answers (variable # of RRs)
authority (variable # of RRs)
additional info (variable # of RRs)
DNS protocol, messages

[figure: message layout, two 2-byte fields per header row]
identification                      | flags
# questions                         | # answer RRs
# authority RRs                     | # additional RRs
questions (variable # of questions)      <- name, type fields for a query
answers (variable # of RRs)              <- RRs in response to query
authority (variable # of RRs)            <- records for authoritative servers
additional info (variable # of RRs)      <- additional “helpful” info that may be used
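As an added example (not from the slides), this Python block builds and parses the message header and question section just described: the six 16-bit header fields, the flag bits (query/reply, authoritative, recursion desired, recursion available) and the length-prefixed label encoding of the name in a question. It also decodes the RFC 1035 compression pointers that real replies use, and it implements the check a resolver performs before believing a reply: the identification field and the question must both echo the outstanding query. The message bytes and the 0x1234 identifier are constructed; only the header and question are parsed, so the reply builder sets an answer count without encoding answer RRs.

```python
# Added example (not from the slides): build and parse the DNS header and
# question section, and check that a reply really answers a given query.
import struct

QR, AA, RD, RA = 1 << 15, 1 << 10, 1 << 8, 1 << 7   # flag bits of the 16-bit flags word
TYPE_A, CLASS_IN = 1, 1


def encode_name(name):
    """'gaia.cs.umass.edu' -> length-prefixed labels ending with a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, offset):
    """Read a (possibly compressed) name at offset; return (name, next_offset)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def build_query(ident, qname, qtype=TYPE_A, recursion_desired=True):
    flags = RD if recursion_desired else 0
    header = struct.pack("!HHHHHH", ident, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def parse_message(msg):
    """Parse header + question section into a dict of fields and questions."""
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    offset, questions = 12, []
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype, qclass))
    return {
        "id": ident, "is_reply": bool(flags & QR), "authoritative": bool(flags & AA),
        "recursion_desired": bool(flags & RD), "recursion_available": bool(flags & RA),
        "counts": (qd, an, ns, ar), "questions": questions,
    }


def reply_matches_query(query_bytes, reply_bytes):
    """A resolver accepts a reply only if its id AND question echo the query
    it sent; anything else is discarded rather than cached."""
    q, r = parse_message(query_bytes), parse_message(reply_bytes)
    return (r["is_reply"] and not q["is_reply"]
            and r["id"] == q["id"] and r["questions"] == q["questions"])


def build_reply_header(query_bytes, answers=1, authoritative=False):
    """Constructed reply for a query: same id, QR set, question echoed.
    Answer RRs are not encoded because only header + question are parsed here."""
    q = parse_message(query_bytes)
    flags = QR | RA | (AA if authoritative else 0) | (RD if q["recursion_desired"] else 0)
    name, qtype, qclass = q["questions"][0]
    return (struct.pack("!HHHHHH", q["id"], flags, 1, answers, 0, 0)
            + encode_name(name) + struct.pack("!HH", qtype, qclass))


if __name__ == "__main__":
    query = build_query(0x1234, "gaia.cs.umass.edu")     # constructed identifier
    print(query.hex())
    print(parse_message(build_reply_header(query, authoritative=True)))
```

Because the identifier is only 16 bits, matching it is necessary but not sufficient; resolvers additionally randomise the UDP source port and check that returned records fall within the asked server's zone before caching them.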
Inserting records into DNS

• example: new startup “Network Utopia”
• register name networkutopia.com at DNS registrar (e.g., Network Solutions)
  • provide names, IP addresses of authoritative name server (primary and secondary)
  • registrar inserts two RRs into .com TLD server:
    (networkutopia.com, dns1.networkutopia.com, NS)
    (dns1.networkutopia.com, 212.212.212.1, A)
• Adding a new host/service to domain:
  • Add to authoritative name server
    • type A record for www.networkutopia.com
    • type MX record for networkutopia.com (mail)
Attacking DNS

DDoS attacks
• Bombard root servers with traffic
  • Not successful to date
  • Traffic Filtering
  • Local DNS servers cache IPs of TLD servers, allowing root server bypass
• Bombard TLD servers
  • Potentially more dangerous

Redirect attacks
• Man-in-middle
  • Intercept queries
• DNS poisoning
  • Send bogus replies to DNS server, which caches

Exploit DNS for DDoS
• Send queries with spoofed source address: target IP
• Requires amplification
Summary

• application architectures
  • client-server
• specific protocols:
  • FTP
  • SMTP, POP, IMAP
  • DNS